# default settings CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign,cRLSign EXTCERTUSAGE = serverAuth,clientAuth CERTIP = 0.0.0.0 CERTFQDN = nohost.nodomain # This section should be referenced when building an x509v3 CA # Certificate. # The default path length and the key usage can be overriden # modified by setting the CERTPATHLEN and CERTUSAGE environment # variables. [x509v3_CA] basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN keyUsage=$ENV::CERTUSAGE # This section should be referenced to add an IP Address # as an alternate subject name, needed by isakmpd # The address must be provided in the CERTIP environment variable [x509v3_IPAddr] subjectAltName=IP:$ENV::CERTIP extendedKeyUsage=$ENV::EXTCERTUSAGE # This section should be referenced to add a FQDN hostname # as an alternate subject name, needed by isakmpd # The address must be provided in the CERTFQDN environment variable [x509v3_FQDN] subjectAltName=DNS:$ENV::CERTFQDN extendedKeyUsage=$ENV::EXTCERTUSAGE